FrontAccountingERP/FA

FrontAccountingERP/FA

Releases0

Stars100

Official FrontAccounting mirror repository

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-21244 ↗	Sep 30, 2020Wednesday, 30 September 2020, 18:15	4.9 MEDIUM	5.5 MEDIUM
An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php.
CVE-2019-5720 ↗	Jan 8, 2019Tuesday, 8 January 2019, 10:29	—	7.5 HIGH
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter.
CVE-2018-1000890 ↗	Dec 28, 2018Friday, 28 December 2018, 16:29	—	5 MEDIUM
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.